Network Adversary Attacks against Secure Encryption Schemes

Virgil D. GLIGOR  Bryan PARNO  Ji Sun SHIN  

IEICE TRANSACTIONS on Communications   Vol.E98-B   No.2   pp.267-279
Publication Date: 2015/02/01
Online ISSN: 1745-1345
DOI: 10.1587/transcom.E98.B.267
Type of Manuscript: PAPER
Category: Fundamental Theories for Communications
network adversary attacks,  symmetric encryption schemes,  key-protection properties,  block ciphers,  

Full Text: PDF(826.1KB)>>
Buy this Article

We show that, in practice, a network adversary can achieve decidedly non-negligible advantage in attacking provable key-protection properties; e.g., the “existential key recovery” security and “multi-key hiding” property of typical nonce-based symmetric encryption schemes whenever these schemes are implemented with standard block ciphers. We also show that if a probabilistic encryption scheme uses certain standard block ciphers (e.g., two-key 3DES), then enforcing the security bounds necessary to protect against network adversary attacks will render the scheme impractical for network applications that share group keys amongst many peers. The attacks presented here have three noteworthy implications. First, they help identify key-protection properties that separate the notion of indistinguishability from random bits (IND$) from the strictly weaker notion of indistinguishability of ciphertexts (IND); also, they help establish new relationships among these properties. Second, they show that nonce-based symmetric encryption schemes are typically weaker than probabilistic ones. Third, they illustrate the need to account for the Internet-level growth of adversary capabilities when establishing the useful lifetime of standard block-cipher parameters.